I created a ntfsuser group, added my user to that group and trimmed permissions on the ntfs-3g executable (link in this post). That allows me to mount the partition as root and read/write as a regular user. It works, so (I think) no big deal here.

However, if I add user to the mount options, the following error shows up:

Mount is denied because setuid and setgid root ntfs-3g is insecure with the external FUSE library. Either remove the setuid/setgid bit from the binary or rebuild NTFS-3G with integrated FUSE support and make it setuid root. Please see more information at http://ntfs-3g.org/support.html#unprivileged

What bugs me the most is I don't understand why I can't mount as a regular user when the user option is set in the fstab. Shouldn't that allow regular users to mount and unmount? It's not like I'm mounting and dismounting USB drives every 5', but I would like to get this done because I know it can be done.

Sorry for asking such a trivial question, but I sense that I'm missing something really stupid and I just can't figure out what it is.

Re: Mounting USB drive as regular user (with ntfs-3g)

Hello, as far as I know this is a security measure hard-coded into ntfs-3g by the developers. If you want to fix this you'll have to re-compile ntfs-3g with integrated fuse support. Apparently, using an external fuse library and allowing 'unprivileged' users to mount ntfs-3g volumes leads to "unwanted privilege escalation."

However, you probably don't really have to compile it yourself, because it appears to already be in AUR, here (package ID: 37647), although it didn't build right the last time I tried it.

If you install this, don't forget to first remove fuse (and ntfs-3g) using pacman, unless you need fuse for something else.

At the moment, I've just settled with "sudo mount /path/to/ntfs-mountpoint/"; users are allowed to unmount volumes even with the regular ntfs-3g implementation with the right permissions.

Re: Mounting USB drive as regular user (with ntfs-3g)

Beware of the double post! (+1)

Ok, I decided I'd get this to work, although the method and the implications it could have might not seem pretty to some. There are certain conditions for a user to mount any ntfs volume with ntfs-3g, I will name them here:

1. ntfs-3g with integrated fuse support. You'll get this by:

1A. Removing ntfs-3g and fuse from your system if you have them installed as separate packages, so do this as root:

pacman -Rn ntfs-3g
pacman -Rn fuse

Now you can install the new package.

1B. Getting a modified version of the PKGBUILD found in that AUR link previously mentioned by me, here's mine:

Save this as PKGBUILD, preferably in an empty directory so it doesn't clutter things up when you build it.

1C. Now go to the directory where you saved it and do this as a regular user:

makepkg PKGBUILD

After that's done, you'll get a package called ntfs-3g-fuse-internal-2010.5.16-1-i686.pkg.tar.xz, or something similar.

1D. Install that package as root:

pacman -U ntfs-3g-fuse-internal-2010.5.16-1-i686.pkg.tar.xz

If all went well you now have ntfs-3g compiled with integrated fuse support.

2. The ntfs-3g version must be higher than 1.2506, this is already covered, the package installed from AUR matches this requirement.

3. The ntfs-3g binary must be set to setuid-root, to accomplish this you shall do the following as root:

chown root $(which ntfs-3g)
chmod 4755 $(which ntfs-3g)

I used 4750 instead of 4755, I guess that last bit can be a matter of personal taste as long as it isn't something obnoxious like "7".

4. The user must have the right access to the volume. Okay, this is the ugly part, volumes are owned by root and managed by the disk group with permissions brw-rw----, this means you have to add any users you want mounting this volume to the disk group.

4A. So, do this as root:

gpasswd -a [user] disk

Where [user] is obviously the name of whichever user you're adding to the disk group, do this for any user you want mounting this volume.

Any users currently logged in will have to log out and back in for these changes to take effect, this most likely includes you.

4B. Now that you logged back in, try this:

groups

One of the groups listed should be disk, if it's not there you didn't completely log out of all open sessions.

5. The user must have the right permissions/access to the mount point. For a user to be able to mount something to a mount point, that user needs to have read permission (pretty self-explanatory), write permission (so the user can make any changes to the sub-structure of the mount point), and execute permission (so the user can change-dir to that mount point) to it. Mount points can be anywhere, so this really depends where you're mounting.

In my case, I'm mounting these volumes on certain directories under /mnt/, for example /mnt/example. If you're mounting stuff there, you might as well take advantage of the fact your "mounting user" is already in the group disk, and do the following as root:

chgrp disk /mnt/example
chmod 774 /mnt/example

Now users in the disk group will be able to manage these mount points.

6. Mount it. That's it, you should now be able to mount ntfs volumes as an "unprivileged enough" user. Here's an example of what you'd have to put in /etc/fstab:

uid=0 means root will be the owner of this mount-point and anything in it after it's mounted. This is due to the fact that even though users might own their mountpoints and have rwx permissions on them, you might still not want them to write to the mounted ntfs volumes. Remove this if you want them to be able to write to the volume.

gid=6 means this will be managed by the disk group in my system. Perhaps the disk group has a different id in your system, run "id root" to find out, as root usually is part of this group.

fmask = 137 means the owner (root) can do anything with files in this volume except executing files. Group members (disk) can only read files here, not create or execute them. And other users can't do anything in this volume.

dmask = 027 means the owner can do anything with directories (execute here is needed to chdir), users can't write directories but they can read or execute in them (once again, needed by 'cd'), and finally other users still don't have any access.

You can use whichever fmask and dmask makes sense to you, or use an umask instead.
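
Added example, not part of the thread: a POSIX shell helper that decodes the umask, fmask and dmask values discussed in the post above into the rwx permissions users end up with, and flags masks that leave files executable or world-writable. The sample fstab lines are constructed, /dev/sdX1 is a placeholder device, and the fallback to mask 000 reflects ntfs-3g's documented default of full access for everyone when no mask is given.

```shell
#!/bin/sh
# Added example (not from the thread): decode ntfs-3g umask/fmask/dmask options.

# perms_from_mask MASK -> rwx string for mode 0777 & ~MASK (MASK is octal).
perms_from_mask() {
    case $1 in ''|*[!0-7]*) echo "invalid mask: $1" >&2; return 2 ;; esac
    mode=$(( 0777 & ~0$1 ))
    out=
    for bit in 256 128 64 32 16 8 4 2 1; do
        case $bit in 256|32|4) ch=r ;; 128|16|2) ch=w ;; *) ch=x ;; esac
        if [ $(( mode & bit )) -ne 0 ]; then out=$out$ch; else out=$out-; fi
    done
    printf '%s\n' "$out"
}

# opt_value OPTIONS NAME -> value of NAME=... from a comma-separated list.
opt_value() {
    rest=$1,
    while [ -n "$rest" ]; do
        o=${rest%%,*}; rest=${rest#*,}
        case $o in "$2"=*) printf '%s\n' "${o#*=}"; return 0 ;; esac
    done
    return 1
}

# audit_fstab_line LINE -> effective permissions plus warnings for risky masks.
audit_fstab_line() {
    set -f; set -- $1; set +f              # split: device mountpoint type options
    um=$(opt_value "$4" umask) || um=000   # no mask given: full access for all
    fm=$(opt_value "$4" fmask) || fm=$um   # fmask/dmask fall back to umask
    dm=$(opt_value "$4" dmask) || dm=$um
    fp=$(perms_from_mask "$fm") || return 2
    dp=$(perms_from_mask "$dm") || return 2
    echo "$2 files=$fp dirs=$dp"
    case $fp in *x*) echo "WARN: files on the volume appear executable" ;; esac
    case $fp in ???????w?) echo "WARN: files are world-writable" ;; esac
    case $dp in ???????w?) echo "WARN: directories are world-writable" ;; esac
    return 0
}

# Constructed sample lines using the option values explained in the post.
audit_fstab_line "/dev/sdX1 /mnt/example ntfs-3g uid=0,gid=6,fmask=137,dmask=027 0 0"
audit_fstab_line "/dev/sdX1 /mnt/example ntfs-3g defaults 0 0"
```

The first sample prints rw-r----- for files and rwxr-x--- for directories with no warnings; the second, with no masks at all, triggers all three warnings.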

Re: Mounting USB drive as regular user (with ntfs-3g)

Gen2ly, FYI, look at the age of the thread.

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
You assume people are rational and influenced by evidence. You must not work with the public much. -- Trilby
----
How to Ask Questions the Smart Way